GCE SSH Access to VM Instance

Published 2019-03-01 05:24

Question:

I have a few servers that host customer websites. These customers access the system via SSH or SFTP for data manipulation. In GCE, I don't know what the best approach for this type of access is considering our hosting application creates a jailed account for the users via a control panel and billing system.

I thought about altering sshd_config to allow SSH access with passwords for users. However, GCE documentation reveals that if an instance is rebooted or upgraded to a different machine type, SSH settings would be reset based on the image. Therefore I would lose my sshd_config alterations. I was under the impression that as long as I have a persistent boot disk, I wouldn't lose such changes.

What options do I have to allow our customers to access the server via SSH without them having to use gcutil and be able to authenticate with passwords?

Answer 1:

After some testing, I have found that enabling SSH is as simple as modifying your sshd_config file. This file DOES NOT get reverted back to GCE defaults if using a persistent disk. So, a reboot or a VM instance migration/upgrade should keep all SSH settings intact as long as you are using a persistent disk or recovering from a snapshot.

I tested by doing the following:

  • Modified SSH for password authentication (as needed)
  • Tested VM connectivity with just ssh vm_fqdn, without using gcutil, and was successful
  • Rebooted the VM instance, which kept all sshd_config changes, allowing me to still connect with passwords outside of gcutil
  • Recreated a different instance of GCE with the persistent disk, which also kept my SSH settings, allowing me to log in without gcutil

Seems like the documentation for all SSH settings/authentication methods is geared to VM instances that are not using persistent disks if you do reboot. Settings with non-persistent disks would trigger new SSH default settings.
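
An added example, not part of the original answer: a check that password authentication in an sshd_config is limited to the jailed customer accounts rather than switched on for every account on the host. The group name sftpcustomers and both sample configs are constructed assumptions.

```shell
#!/bin/sh
# Added example. The group name "sftpcustomers" and both sample configs
# are constructed for illustration.

# Print "<scope> <value>" for the first PasswordAuthentication line in each
# scope ("global" or "match:<criteria>"). sshd keywords are case-insensitive
# and the first value seen wins. Include files and the "Keyword=value" form
# are not handled here.
password_auth_scopes() {
  awk '
    BEGIN { scope = "global" }
    NF == 0 || $1 ~ /^#/ { next }
    tolower($1) == "match" { $1 = ""; sub(/^ +/, ""); scope = "match:" $0; next }
    tolower($1) == "passwordauthentication" && !(scope in seen) {
      seen[scope] = 1
      print scope, tolower($2)
    }
  ' "$1"
}

# Succeed only when passwords are explicitly off globally, so any "yes"
# can apply only inside a Match block. (OpenSSH defaults to "yes" when the
# keyword is absent, hence the explicit "no" requirement.)
password_auth_is_scoped() {
  password_auth_scopes "$1" | grep -qx 'global no'
}

weak_cfg=$(mktemp)
scoped_cfg=$(mktemp)

# Constructed sample: password logins for every account.
cat > "$weak_cfg" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
EOF

# Constructed sample: password logins only for the jailed customer group.
cat > "$scoped_cfg" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
Match Group sftpcustomers
    PasswordAuthentication yes
    AllowTcpForwarding no
    X11Forwarding no
EOF

for f in "$weak_cfg" "$scoped_cfg"; do
  if password_auth_is_scoped "$f"; then echo "$f: scoped"; else echo "$f: global"; fi
done
```

On a live host, sshd -T prints the effective configuration the daemon applies, which is the authoritative thing to re-check after a reboot or instance recreation.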